Lucene search
PRIOn knowledge basePRION:CVE-2023-30801HistoryOct 10, 2023 - 2:15 p.m.
Default credentials
2023-10-1014:15:00
PRIOn knowledge base
www.prio-n.com
196
qbittorrent
default credentials
remote attacker
web user interface
remote execution
march 2023
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the “external program” feature in the web user interface. This was reportedly exploited in the wild in March 2023.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qbittorrent | le | 4.5.5 |
References
Related
alpinelinux
alpinelinux
CVE-2023-30801
2023-10-10 14:15:10
openvas
openvas
Fedora: Security Advisory for qbittorrent (FEDORA-2023-1bbfc445a2)
2023-12-01 00:00:00
Fedora: Security Advisory for qbittorrent (FEDORA-2023-185f3e8ad7)
2023-12-01 00:00:00
cve
cve
CVE-2023-30801
2023-10-10 14:15:10
cvelist
cvelist
CVE-2023-30801 qBittorrent Web UI Default Credentials Lead to RCE
2023-10-10 13:46:46
nvd
nvd
CVE-2023-30801
2023-10-10 14:15:10
osv
osv
CVE-2023-30801
2023-10-10 14:15:10
nessus
nessus
Fedora 38 : qbittorrent (2023-185f3e8ad7)
2023-11-29 00:00:00
Fedora 39 : qbittorrent (2023-1bbfc445a2)
2023-11-29 00:00:00
redos
redos
ROS-20240505-03
2024-04-05 00:00:00
debiancve
debiancve
CVE-2023-30801
2023-10-10 14:15:10
fedora
fedora
[SECURITY] Fedora 39 Update: qbittorrent-4.6.1-1.fc39
2023-11-30 03:31:17
[SECURITY] Fedora 38 Update: qbittorrent-4.6.1-1.fc38
2023-11-30 03:35:16
ubuntucve
ubuntucve
CVE-2023-30801
2023-10-10 00:00:00